Comments on: Tech Firm Ubiquiti Suffers $46M Cyberheist
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
In-depth security news and investigation
Tue, 20 Mar 2018 01:27:56 +0000

By: Mr. White
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-2/#comment-390358
Sun, 16 Aug 2015 16:21:34 +0000

I would be curious to know how they were able to get the 8 million back.

By: TMiller
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390283
Thu, 13 Aug 2015 17:30:36 +0000

Clearly the 46 Million loss on their 8-K filing did nothing to harm the company. They have been upgraded from hold to buy in the market. This goes to show the aggregate lack of knowledge or understanding surrounding this event. It is not even known if there is more risk, but investors are encouraged to buy their stock.

For tech companies having international development, some number will have the code generation located differently than code delivery… the foreign tech lead emails the code delivery department something to include (like a cert, seems unlikely that any reasonable org would accept a binary outside of a signed library, but then you’d think companies wouldn’t be scammed for 46M either… so maybe include a binary). Email would have some reasonable excuse about recent meetings gleaned from the purloined email stream, security, or blablabla.

Now the code stream being delivered with the product – or worse, an update – has a nice 0-day built in. For sale, or for botnet building, whatever way provides the best monetization.

By: Mike
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390213
Wed, 12 Aug 2015 09:25:50 +0000

The mainstream news is run by people that will only tell you what they think you need to hear. With them, it’s more about what they won’t tell you. It’s part of what makes places like this a better source of news.

By: Henrik Schack
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390207
Wed, 12 Aug 2015 06:35:04 +0000

SPF doesn’t prevent From: address spoofing, you need DMARC for that.
DMARC on the other hand is pretty effective at that task.

By: Lance Stone
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390178
Tue, 11 Aug 2015 21:01:35 +0000

Why has this not hit the mainstream news yet?

By: Ron
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390164
Tue, 11 Aug 2015 17:28:28 +0000

Actually it should be you who calls them (at a known number) to verify the transactions.

By: Don Miller
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390141
Tue, 11 Aug 2015 14:59:54 +0000

I got a tip from an FBI Agent about a year ago that has helped raise phishing awareness in my company.

On our Exchange server, I made a rule that adds [EXTERNAL] to the subject line of every email that originates outside of our Exchange environment.

My users are much more aware of phishing and it is pretty obvious when someone is trying to phish us.

By: Theodore
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390138
Tue, 11 Aug 2015 14:29:01 +0000

Amazing, I’ve never heard of phishing getting so much from a single victim.

By: IA Eng
https://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/comment-page-1/#comment-390136
Tue, 11 Aug 2015 10:11:15 +0000

Who’s overall responsible? CEO. Who’s responsible for finances? CFO. A Chief is a Chief regardless. Some have power, some are pawns.